
Siemens released security updates and temporary fixes for a privilege escalation flaw, tracked as CVE-2016-7165, that affects several industrial products.

Siemens has released security updates and temporary fixes to address a privilege escalation vulnerability, tracked as CVE-2016-7165, that affects several industrial products.

The flaw could be exploited by attackers to escalate their privileges if the flawed products are not installed under the default path.

Users with local access to the Windows system running on the same device as affected Siemens applications can escalate their privileges under certain conditions.

“Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path (“C:\Program Files\*” or the localized equivalent),” read the advisories published by both Siemens and ICS-CERT.

The privilege escalation flaw was reported to Siemens by WATERSURE and KIANDRA IT.

The products affected by this vulnerability are widely adopted by many organizations; the impact of its exploitation depends on each specific implementation.
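
As an added example (not taken from the Siemens or ICS-CERT advisories), the Python check below audits service ImagePath values exported from the registry for the condition the advisories describe: an unquoted path containing spaces that lies outside the default install roots. It also proposes the quoted replacement value. The service names, paths and protected-root list are constructed assumptions.

```python
import re

# Roots writable only by administrators under default ACLs (assumption:
# English-language Windows installed on C:).
PROTECTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# Executable part of an ImagePath: shortest prefix ending in a program
# extension, followed by whitespace and arguments or by end of string.
_EXE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd))(\s.*)?$", re.IGNORECASE)

def audit_image_path(image_path):
    """Return (status, suggested_value) for one service ImagePath."""
    value = image_path.strip()
    if value.startswith('"') or " " not in value:
        return ("ok", value)
    match = _EXE.match(value)
    if not match:
        return ("unparsed", value)          # review by hand
    exe, args = match.group(1), match.group(2) or ""
    if " " not in exe:
        return ("ok", value)                # spaces only in the arguments
    fixed = f'"{exe}"{args}'
    if exe.lower().startswith(PROTECTED_ROOTS):
        return ("unquoted-protected", fixed)
    return ("unquoted-exposed", fixed)

def exposed_services(services):
    """Names of services whose unquoted path lies outside the protected roots."""
    return sorted(n for n, p in services.items()
                  if audit_image_path(p)[0] == "unquoted-exposed")

# Constructed sample: ImagePath values as read from
# HKLM\SYSTEM\CurrentControlSet\Services\<name>; all names are hypothetical.
SAMPLE = {
    "HmiAgentCustomDir": r"D:\Plant Apps\HMI Runtime\bin\agent.exe -service",
    "HmiAgentDefaultDir": r"C:\Program Files\Vendor Suite\bin\agent.exe",
    "HmiAgentQuoted": r'"D:\Plant Apps\HMI Runtime\bin\agent.exe" -service',
    "SvcHostStyle": r"C:\Windows\system32\svchost.exe -k netsvcs",
}

if __name__ == "__main__":
    for name, path in SAMPLE.items():
        status, fixed = audit_image_path(path)
        print(f"{name:20} {status:20} {fixed}")
```

Services reported as `unquoted-protected` should still have their ImagePath quoted; they are separated only because standard users cannot write to those roots under default permissions.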